With the increasing number of computing networks and computing devices, including smart devices, internet of things devices, etc., network security is more important than ever. The average user may be largely unaware of attacks or attempted attacks on their networks and devices, relying completely on built-in protections and monitoring. In many cases, built-in protections may not be enough to prevent malicious attacks or even identify when an attack may be occurring or if there is a potential threat to a network. As a result, users interested in network security must often rely on third party devices and programs.
Common programs utilized by users for network security include antivirus programs and firewalls. In most cases, such programs are installed on an endpoint device in a system, such as a user's desktop computer. However, this can often only provide protection to that device itself, leaving the rest of the network largely unprotected. In some cases, the program may be able to monitor other network traffic and detect attacks, but be powerless to stop an attack from occurring on another device. Thus, a stronger form of protection is to have a router, modem, or other similarly situated device that has a firewall or antivirus program available. In such cases, all incoming and outgoing traffic may be monitored by the program. However, these programs often rely on blacklists, whitelists, and other data sets in order to determine if traffic is safe or suspicious. In many cases, these devices and programs lack the ability to identify the source of communications, where these source devices and programs are located, the domains involved, and other information that may provide for a better assessment of potential threats. Thus, there is a need for a system that can identify such information in order to provide more comprehensive protection for a communication network and the attached devices.